/**
 * Print the contents of a keytab: the principal count, one line per entry
 * (principal, key version, timestamp, encryption type), then the entry count.
 * Only key metadata is printed; the key bytes are never written out here.
 *
 * @param keytabFile the keytab file
 * @throws IOException IO problems
 */
private void dumpKeytab(File keytabFile) throws IOException {
    title("Examining keytab %s", keytabFile);
    // Validate and load the canonical path, not the path as supplied.
    File canonical = keytabFile.getCanonicalFile();
    verifyFileIsValid(canonical, CAT_KERBEROS, "keytab");
    Keytab keytab = Keytab.loadKeytab(canonical);
    List<PrincipalName> names = keytab.getPrincipals();
    println("keytab principal count: %d", names.size());
    int total = 0;
    for (PrincipalName name : names) {
        List<KeytabEntry> perPrincipal = keytab.getKeytabEntries(name);
        total += perPrincipal.size();
        for (KeytabEntry item : perPrincipal) {
            EncryptionKey secret = item.getKey();
            // NOTE(review): the value labelled "expires" is item.getTimestamp();
            // presumably that is when the entry was written, not an expiry - confirm.
            println(" %s: version=%d expires=%s encryption=%s",
                item.getPrincipal(),
                item.getKvno(),
                item.getTimestamp(),
                secret.getKeyType());
        }
    }
    println("keytab entry count: %d", total);
    endln();
}
// Builds one output line per keytab entry. The excerpt stops while both `if`
// blocks and the loop body are still open.
for (KeytabEntry entry : keytabEntries) {
    StringBuilder sb = new StringBuilder();
    // Key version number first, left-justified in a 4-character field.
    sb.append(String.format("%-4d ", entry.getKvno()));
    // Flag value 2 in outputIndex adds the entry timestamp, rendered by `format`.
    if ((outputIndex & 2) != 0) {
        Date date = new Date(entry.getTimestamp().getTime());
        sb.append(format.format(date));
        sb.append(' ');
        // Flag value 1 adds the raw key bytes as hex inside "(0x...)".
        // This is the secret key itself, not a fingerprint: whoever can read the
        // resulting text (terminal scrollback, captured logs, pasted output) holds
        // the same secret as the keytab file. Handle the output as strictly as the keytab.
        if ((outputIndex & 1) != 0) {
            sb.append("(0x");
            sb.append(HexUtil.bytesToHex(entry.getKey().getKeyData()));
            sb.append(")");
/**
 * Remove every entry of {@code principal} whose key version number equals {@code kvno}.
 *
 * @param principal the principal whose entries are examined
 * @param kvno the key version number to drop
 */
@Override
public void removeKeytabEntries(PrincipalName principal, int kvno) {
    // NOTE(review): entries are removed while this list is being iterated; that is
    // only safe if getKeytabEntries returns a list separate from the one that
    // removeKeytabEntry edits - confirm.
    for (KeytabEntry candidate : getKeytabEntries(principal)) {
        if (candidate.getKvno() != kvno) {
            continue;
        }
        removeKeytabEntry(candidate);
    }
}
/**
 * Read a single keytab entry from the stream.
 *
 * <p>{@code entrySize} is handed to {@code KeytabEntry.load} unchanged; this method
 * performs no range check on it. NOTE(review): keytabs are parsed from files, so a
 * bound on the size should be enforced by the caller or inside {@code load} - confirm.
 *
 * @param kis the stream to read from
 * @param entrySize the entry size passed on to {@code load}
 * @return the freshly loaded entry
 * @throws IOException if reading fails
 */
private KeytabEntry readEntry(KeytabInputStream kis, int entrySize) throws IOException {
    final KeytabEntry parsed = new KeytabEntry();
    parsed.load(kis, version, entrySize);
    return parsed;
}
/**
 * Remove one entry from the list kept for its principal.
 * Nothing happens when the principal has no list or no element equals {@code entry}.
 *
 * @param entry the entry to remove
 */
@Override
public void removeKeytabEntry(KeytabEntry entry) {
    List<KeytabEntry> bucket = principalEntries.get(entry.getPrincipal());
    if (bucket == null) {
        return;
    }
    // List.remove(Object) drops only the first element that entry.equals(...) matches;
    // further equal entries, if any, stay in the list.
    bucket.remove(entry);
}
/**
 * Look up the key of {@code principal} for the requested encryption type.
 *
 * @param principal the principal whose entries are searched
 * @param keyType the encryption type wanted
 * @return the first matching key, or {@code null} when the principal has no key
 *         of that type - callers must handle the null case
 */
@Override
public EncryptionKey getKey(PrincipalName principal, EncryptionType keyType) {
    List<KeytabEntry> candidates = getKeytabEntries(principal);

    // First pass: the stored key type is the very same EncryptionType constant.
    for (KeytabEntry candidate : candidates) {
        EncryptionKey stored = candidate.getKey();
        if (stored.getKeyType() == keyType) {
            return stored;
        }
    }

    // Second pass: a differently named constant that carries the same numeric value.
    int wanted = keyType.getValue();
    for (KeytabEntry candidate : candidates) {
        EncryptionKey stored = candidate.getKey();
        if (stored.getKeyType().getValue() == wanted) {
            return stored;
        }
    }
    return null;
}
/**
 * Append an entry to the list kept for its principal, creating that list on first use.
 *
 * @param entry the entry to add
 */
@Override
public void addEntry(KeytabEntry entry) {
    PrincipalName owner = entry.getPrincipal();
    List<KeytabEntry> bucket = principalEntries.get(owner);
    if (bucket != null) {
        bucket.add(entry);
        return;
    }
    // First entry for this principal: register an empty list, then fill it.
    List<KeytabEntry> fresh = new ArrayList<>();
    principalEntries.put(owner, fresh);
    fresh.add(entry);
}
/**
 * Add one keytab entry for every key held by the identity.
 *
 * <p>Only the in-memory {@code keytab} object is changed; nothing in this method
 * writes a file. After the call the keytab carries the identity's key material,
 * so whatever later persists it should protect the result like any other secret.
 *
 * @param keytab The keytab
 * @param identity The identity
 * @throws KrbException If there is a problem exporting the identity to the keytab
 */
public static void exportToKeytab(Keytab keytab, KrbIdentity identity)
        throws KrbException {
    PrincipalName owner = identity.getPrincipal();
    // A single timestamp is shared by every entry written in this call.
    KerberosTime writtenAt = KerberosTime.now();
    for (EncryptionKey secret : identity.getKeys().values()) {
        keytab.addEntry(new KeytabEntry(owner, writtenAt, secret.getKvno(), secret));
    }
}
// Builds one output line per keytab entry. The excerpt stops while both `if`
// blocks and the loop body are still open.
for (KeytabEntry entry : keytabEntries) {
    StringBuilder sb = new StringBuilder();
    // Key version number first, left-justified in a 4-character field.
    sb.append(String.format("%-4d ", entry.getKvno()));
    // Flag value 2 in outputIndex adds the entry timestamp, rendered by `format`.
    if ((outputIndex & 2) != 0) {
        Date date = new Date(entry.getTimestamp().getTime());
        sb.append(format.format(date));
        sb.append(' ');
        // Flag value 1 adds the raw key bytes as hex inside "(0x...)".
        // This is the secret key itself, not a fingerprint: whoever can read the
        // resulting text (terminal scrollback, captured logs, pasted output) holds
        // the same secret as the keytab file. Handle the output as strictly as the keytab.
        if ((outputIndex & 1) != 0) {
            sb.append("(0x");
            sb.append(HexUtil.bytesToHex(entry.getKey().getKeyData()));
            sb.append(")");
/**
 * Remove every entry of {@code principal} whose key version number equals {@code kvno}.
 *
 * @param principal the principal whose entries are examined
 * @param kvno the key version number to drop
 */
@Override
public void removeKeytabEntries(PrincipalName principal, int kvno) {
    // NOTE(review): entries are removed while this list is being iterated; that is
    // only safe if getKeytabEntries returns a list separate from the one that
    // removeKeytabEntry edits - confirm.
    for (KeytabEntry candidate : getKeytabEntries(principal)) {
        if (candidate.getKvno() != kvno) {
            continue;
        }
        removeKeytabEntry(candidate);
    }
}
/**
 * Read a single keytab entry from the stream.
 *
 * <p>{@code entrySize} is handed to {@code KeytabEntry.load} unchanged; this method
 * performs no range check on it. NOTE(review): keytabs are parsed from files, so a
 * bound on the size should be enforced by the caller or inside {@code load} - confirm.
 *
 * @param kis the stream to read from
 * @param entrySize the entry size passed on to {@code load}
 * @return the freshly loaded entry
 * @throws IOException if reading fails
 */
private KeytabEntry readEntry(KeytabInputStream kis, int entrySize) throws IOException {
    final KeytabEntry parsed = new KeytabEntry();
    parsed.load(kis, version, entrySize);
    return parsed;
}
/**
 * Remove one entry from the list kept for its principal.
 * Nothing happens when the principal has no list or no element equals {@code entry}.
 *
 * @param entry the entry to remove
 */
@Override
public void removeKeytabEntry(KeytabEntry entry) {
    List<KeytabEntry> bucket = principalEntries.get(entry.getPrincipal());
    if (bucket == null) {
        return;
    }
    // List.remove(Object) drops only the first element that entry.equals(...) matches;
    // further equal entries, if any, stay in the list.
    bucket.remove(entry);
}
/**
 * Look up the key of {@code principal} for the requested encryption type.
 *
 * @param principal the principal whose entries are searched
 * @param keyType the encryption type wanted
 * @return the first matching key, or {@code null} when the principal has no key
 *         of that type - callers must handle the null case
 */
@Override
public EncryptionKey getKey(PrincipalName principal, EncryptionType keyType) {
    List<KeytabEntry> candidates = getKeytabEntries(principal);

    // First pass: the stored key type is the very same EncryptionType constant.
    for (KeytabEntry candidate : candidates) {
        EncryptionKey stored = candidate.getKey();
        if (stored.getKeyType() == keyType) {
            return stored;
        }
    }

    // Second pass: a differently named constant that carries the same numeric value.
    int wanted = keyType.getValue();
    for (KeytabEntry candidate : candidates) {
        EncryptionKey stored = candidate.getKey();
        if (stored.getKeyType().getValue() == wanted) {
            return stored;
        }
    }
    return null;
}
/**
 * Append an entry to the list kept for its principal, creating that list on first use.
 *
 * @param entry the entry to add
 */
@Override
public void addEntry(KeytabEntry entry) {
    PrincipalName owner = entry.getPrincipal();
    List<KeytabEntry> bucket = principalEntries.get(owner);
    if (bucket != null) {
        bucket.add(entry);
        return;
    }
    // First entry for this principal: register an empty list, then fill it.
    List<KeytabEntry> fresh = new ArrayList<>();
    principalEntries.put(owner, fresh);
    fresh.add(entry);
}
/**
 * Add one keytab entry for every key held by the identity.
 *
 * <p>Only the in-memory {@code keytab} object is changed; nothing in this method
 * writes a file. After the call the keytab carries the identity's key material,
 * so whatever later persists it should protect the result like any other secret.
 *
 * @param keytab The keytab
 * @param identity The identity
 * @throws KrbException If there is a problem exporting the identity to the keytab
 */
public static void exportToKeytab(Keytab keytab, KrbIdentity identity)
        throws KrbException {
    PrincipalName owner = identity.getPrincipal();
    // A single timestamp is shared by every entry written in this call.
    KerberosTime writtenAt = KerberosTime.now();
    for (EncryptionKey secret : identity.getKeys().values()) {
        keytab.addEntry(new KeytabEntry(owner, writtenAt, secret.getKvno(), secret));
    }
}
/**
 * Drop the superseded keys of one principal from a keytab file and write the file back.
 *
 * <p>"Old" means a key version number strictly below the highest one found for the
 * principal; every entry at that highest version is kept. The keytab is stored again
 * even when nothing was removed.
 *
 * <p>NOTE(review): once an older key version is gone, anything still encrypted under
 * it can presumably no longer be decrypted with this keytab - confirm that callers
 * run this only after such material has expired.
 *
 * @param keytabFile The keytab file
 * @param principalName The principal name
 * @throws KrbException If there is a problem in removing the old keys of the specified principal
 */
public static void removeOldKeytabEntriesOf(File keytabFile, String principalName)
        throws KrbException {
    Keytab keytab = loadKeytab(keytabFile);
    List<KeytabEntry> owned = keytab.getKeytabEntries(new PrincipalName(principalName));

    // Highest key version present; stays 0 when the principal has no entries.
    int newest = 0;
    for (KeytabEntry item : owned) {
        newest = Math.max(newest, item.getKvno());
    }

    // NOTE(review): removal while iterating `owned` is only safe if getKeytabEntries
    // returned a list separate from the keytab's internal one - confirm.
    for (KeytabEntry item : owned) {
        if (item.getKvno() >= newest) {
            continue;
        }
        keytab.removeKeytabEntry(item);
    }

    storeKeytab(keytab, keytabFile);
}
/**
 * Drop the superseded keys of one principal from a keytab file and write the file back.
 *
 * <p>"Old" means a key version number strictly below the highest one found for the
 * principal; every entry at that highest version is kept. The keytab is stored again
 * even when nothing was removed.
 *
 * <p>NOTE(review): once an older key version is gone, anything still encrypted under
 * it can presumably no longer be decrypted with this keytab - confirm that callers
 * run this only after such material has expired.
 *
 * @param keytabFile The keytab file
 * @param principalName The principal name
 * @throws KrbException If there is a problem in removing the old keys of the specified principal
 */
public static void removeOldKeytabEntriesOf(File keytabFile, String principalName)
        throws KrbException {
    Keytab keytab = loadKeytab(keytabFile);
    List<KeytabEntry> owned = keytab.getKeytabEntries(new PrincipalName(principalName));

    // Highest key version present; stays 0 when the principal has no entries.
    int newest = 0;
    for (KeytabEntry item : owned) {
        newest = Math.max(newest, item.getKvno());
    }

    // NOTE(review): removal while iterating `owned` is only safe if getKeytabEntries
    // returned a list separate from the keytab's internal one - confirm.
    for (KeytabEntry item : owned) {
        if (item.getKvno() >= newest) {
            continue;
        }
        keytab.removeKeytabEntry(item);
    }

    storeKeytab(keytab, keytabFile);
}